package com.cskaoyan.login;

import com.cskaoyan.utils.JDBCUtils;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

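/**
 * Login demo showing why user-supplied values must be bound as parameters
 * instead of being concatenated into SQL text.
 *
 * <p>{@link #login(String, String)} uses a {@link PreparedStatement}, so the
 * crafted password passed from {@link #main(String[])} is compared as plain
 * data and can no longer alter the WHERE clause.
 */
public class LoginDemo {

    /**
     * Runs the demo: attempts a login with a password value that contains a
     * single quote and an {@code or} clause, then prints the outcome.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        // A regular call would look like: login("天明", "xxdd")

        // SQL injection background. When the statement is assembled by string
        // concatenation, the intended query is
        //   select * from user where username = '天明' and password = 'xxdd'
        // but a quote inside the password value ends the string literal early
        // and the remainder is parsed as SQL:
        //   select * from user where username = '天明' and password = 'xxdd' or '1=1'
        // With bound parameters the whole value below is treated as one literal
        // password, so this call is expected to report a failed login.
        Boolean ret = login("天明", "masdnjabf' or '1=1");

        if (ret) {
            System.out.println("登录成功");
        } else {
            System.out.println("登录失败！");
        }
    }

    /**
     * Checks whether a row with the given credentials exists in the
     * {@code user} table.
     *
     * <p>Both values are sent to the driver as bind parameters and are never
     * spliced into the SQL text. Any failure (no connection, SQL error) is
     * reported on stderr and treated as a failed login, so errors fail closed.
     *
     * @param username account name to look up; {@code null} is rejected
     * @param password password to compare; {@code null} is rejected
     * @return {@code true} if at least one matching row exists, otherwise {@code false}
     */
    public static Boolean login(String username, String password) {

        // Missing credentials can never authenticate; skip the round trip.
        if (username == null || password == null) {
            return false;
        }

        // Placeholders keep the statement structure fixed regardless of input.
        // NOTE(review): comparing the password column with the submitted value
        // suggests credentials are stored in directly comparable (clear-text)
        // form - confirm, and prefer a salted password hash (bcrypt/scrypt/argon2)
        // verified in application code.
        String sql = "select * from user where username = ? and password = ?";

        // Only the template is printed, so credentials do not end up in stdout.
        System.out.println("sql:" + sql);

        // try-with-resources releases the statement and connection on every path.
        // NOTE(review): assumes JDBCUtils.getConnection() hands out a connection
        // owned by the caller (not a shared singleton) - confirm.
        try (Connection connection = JDBCUtils.getConnection();
             PreparedStatement statement = connection.prepareStatement(sql)) {

            statement.setString(1, username);
            statement.setString(2, password);

            try (ResultSet resultSet = statement.executeQuery()) {
                // Any row at all means the credentials matched.
                return resultSet.next();
            }
        } catch (Exception ex) {
            // Fail closed: an error must never be mistaken for a successful login.
            ex.printStackTrace();
            return false;
        }
    }
}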
